ServiceNow, Outlook, and Docker Engine Patching Service

Published:

spot_img

Cyble Research & Intelligence Labs (CRIL) Top Vulnerabilities Report

Cyble Research & Intelligence Labs (CRIL) researchers have identified six critical vulnerabilities that security teams need to prioritize this week. These vulnerabilities include flaws in ServiceNow, Acronis, VMware, Microsoft Outlook, Progress Telerik, and Docker Engine.

One of the highlighted vulnerabilities is CVE-2024-37085, affecting VMware ESXi, an enterprise-class hypervisor. This high-severity authentication bypass vulnerability is actively being exploited by ransomware groups, allowing attackers to gain full access to ESXi hosts and potentially encrypting the hypervisor’s file system, causing business disruptions.

Another critical vulnerability is CVE-2017-11774, impacting Microsoft Outlook and allowing attackers to execute arbitrary commands. Researchers have developed a new post-exploitation framework named “Specula,” which can turn Outlook into a command and control beacon for remote code execution, making it easier for attackers to evade detection.

Other vulnerabilities include CVE-2024-4879 affecting ServiceNow, CVE-2024-6327 impacting Progress Telerik Report Server, CVE-2024-41110 targeting Docker Engine, and CVE-2023-45249 affecting Acronis Cyber Infrastructure. These vulnerabilities range from input validation issues to remote command execution flaws, posing significant risks to organizations.

In addition to these vulnerabilities, Cyble researchers also analyzed dark web exploits, industrial control system vulnerabilities, and web asset exposures in their weekly report. With the increasing sophistication of cyber threats, it is crucial for security teams to prioritize patching these vulnerabilities to protect their organizations from potential attacks.

spot_img

Related articles

Recent articles

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools The emergence of malicious AI models on the dark...

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...

TuxBot v3 Evolution Reveals LLM-Assisted IoT Botnet Development with Enhanced Capabilities

TuxBot v3 Evolution Reveals LLM-Assisted IoT Botnet Development with Enhanced Capabilities Recent cybersecurity research has unveiled a new Internet-of-Things (IoT) botnet framework known as TuxBot...

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India’s Largest Plant on Dark Web

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India's Largest Plant on Dark Web A significant cybersecurity breach has emerged involving the Kudankulam Nuclear Power...